<p>Envato Tuts+ Computer Skills - Authentication, 2015-05-18</p><h1>2-Factor Authentication Without Hassle</h1><h2>Screencast</h2><figure data-video-embed="true" data-original-url="https://www.youtube.com/watch?v=-MRJGI9p8GM" class="embedded-video">
<iframe data-src="//www.youtube.com/embed/-MRJGI9p8GM?rel=0" frameborder="0" webkitallowfullscreen="webkitallowfullscreen" mozallowfullscreen="mozallowfullscreen" allowfullscreen="allowfullscreen"></iframe>
</figure><p>2-Factor Authentication, often referred to as <em>2FA</em>, simply means using a password (something you know) and a second factor (something you have) to log into an application or website.</p><p>In the beginning, many companies used their own proprietary 2-Factor Authentication, asking for a password and then a personal identification code or passphrase before signing the user in.</p><p>More security-conscious companies would send users a key fob or USB stick that generates a predetermined set of random numbers and letters. Some other companies may even require a text or phone call to a verified phone number.</p><p>The user logs in by entering a password, then the random number/letter code generated for that particular day and time. Only when both the password and the code match what the company has on file is the customer actually logged in.</p><figure class="post_image"><img alt="Old school 2FA using a key fob" data-src="https://cms-assets.tutsplus.com/uploads/users/59/posts/23705/image/2fa-1.jpg"><figcaption>2FA using a key fob</figcaption></figure><p>Using a key fob system was a costly and time-consuming option for most companies, as it involved manufacturing, processing and shipping those fobs. But now, thanks to the ubiquity of smartphones, companies like <a href="https://support.google.com/accounts/answer/1066447?hl=en" target="_self">Google</a> or <a href="https://www.authy.com/" target="_self">Authy</a> can create apps that act as those key fobs, eliminating the headaches of 2FA for companies and their users alike.</p><p>Now 2FA is easy to implement and makes the websites and applications you use so much more secure. When an account is secured by 2FA, the hacker would need both the user's password and their current code. Based on the way Google and Authy generate those codes, the likelihood of a hacker acquiring both is almost nonexistent. So why not spend a few minutes making the websites and applications you use daily more secure?</p><p>In this tutorial I’ll show you how to set up 2-Factor Authentication on:</p><ul>
<li>Slack using <a href="https://support.google.com/accounts/answer/1066447?hl=en" target="_self">Google Authenticator</a><br>
</li>
<li>Coinbase using <a href="https://www.authy.com/" target="_self">Authy</a><br>
</li>
</ul><h2>Turn on 2FA for Slack Using Google Authenticator<br>
</h2><p>Slack recently announced that a four-month-long hack of user profiles had occurred and had only just been detected. While they assured the public that no financial data was compromised, they did admit that user profile data was. The silver lining to this very dark cloud was that the same day they announced the hack, they also enabled 2-Factor Authentication.</p><p>To enable 2FA on Slack, log in, then click the <strong>upward-chevron</strong> next to the username. Choose <strong>Your Account</strong>. Click the <strong>Expand</strong> link next to <strong>Two factor Authentication</strong>. Enter your Slack password and click <strong>Enable two factor authentication</strong>. The following screen should look similar to this:</p><figure class="post_image"><img alt="2fA on Slack using Google Authenticator" data-src="https://cms-assets.tutsplus.com/uploads/users/59/posts/23705/image/2fa-2.jpg"><figcaption>2FA on Slack using Google Authenticator</figcaption></figure><p>On the iPhone, launch the App Store and search for Google Authenticator. Be sure that the publisher is listed as Google and the cost is Free. Download and install the application.</p><p>Open Google Authenticator. Click <strong>Begin Setup</strong>. Then click <strong>Scan Bar code</strong>. Hold the phone up to the bar code on the computer to allow it to scan. Once scanned, the Slack entry will be a permanent fixture in the Authenticator app.</p><figure class="post_image"><img alt="A 2FA code in Google Authenticator" data-src="https://cms-assets.tutsplus.com/uploads/users/59/posts/23705/image/2fa-3.png"><figcaption>A 2FA code in Google Authenticator</figcaption></figure><p>From now on, Slack will ask not only for a username and password, but also for the random number generated inside the Google Authenticator application before logging in. Those two factors will keep Slack much more secure.</p><h2>Turn on 2FA for Coinbase Using Authy<br>
</h2><p>Coinbase is a great online wallet where you can buy, sell, or store bitcoins. But because recovering a lost or stolen bitcoin is next to impossible, I strongly recommend enabling 2FA before any transfer in or out of the wallet is authorized.</p><p>To set up 2FA on Coinbase using Authy, log into Coinbase. Click the <strong>downward chevron</strong> next to the name, then click <strong>Settings</strong>. Click <strong>Security</strong>, then under Two-Step Verification Settings choose <strong>Any amount of bitcoins</strong>. Finally, click <strong>Save</strong>.</p><p>To get the code that will be used as the second factor of authentication going forward, download <strong>Authy</strong> from the App Store and launch it. Enter the phone number with area code to authorize the device.</p><figure class="post_image"><img alt="Authorizing a device in Authy" data-src="https://cms-assets.tutsplus.com/uploads/users/59/posts/23705/image/2fa-4.jpg"><figcaption>Authorizing a device in Authy</figcaption></figure><p>Choose the preferred way to get the initial authorization code: either SMS or phone call. Enter the code on the following screen. Click the <strong>+</strong> icon to add a new application. Choose Coinbase or scan the QR code.</p><figure class="post_image"><img alt="Adding a 2FA account to Authy" data-src="https://cms-assets.tutsplus.com/uploads/users/59/posts/23705/image/2fa-5.jpg"><figcaption>Adding a 2FA account to Authy</figcaption></figure><p>Going forward, Coinbase will require both a username/password combination and the randomly generated code from Authy.</p><h2>Conclusion</h2><p>In this tutorial I demonstrated 2-Factor Authentication for two different websites using two different iPhone applications. But don't stop there! I strongly encourage creating a list of all the applications or sites used daily. Check to see which ones offer 2FA and which ones don't.</p><p>If they do offer 2FA, enable it as soon as possible. There is a good chance that they will use either Google Authenticator or Authy, so setup should be easy. If they do not offer 2FA, encourage them via email or phone to do so. It is, after all, your information they are storing.</p><p>Alex Spencer, 2015-05-18</p>